CVE-2024-27277 — Vulnetix

CVE-2024-27277 PUBLISHED

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

EPSS 0.03% · 8.7th percentile

Risk Scores

EPSS Score

0.03%

8.7th percentile

Affected Products

Vendor	Product	Versions
n/a	Spring Framework	Spring Framework versions 5.3.X prior to 5.3.17+ and all old and unsupported versions

Timeline

Apr 7, 2022 PoC Published
Oct 21, 2023 PoC Published
Mar 21, 2024 CVE Published
Mar 22, 2024 EPSS Score
Apr 17, 2024 EPSS Score
May 13, 2024 EPSS Score
Jun 7, 2024 EPSS Score
Jul 3, 2024 EPSS Score
Jul 29, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 24, 2024 EPSS Score
Sep 18, 2024 EPSS Score

References

https://www.ibm.com/support/pages/node/7144944 advisory
https://www.ibm.com/support/pages/node/7144861 advisory
https://tanzu.vmware.com/security/cve-2022-22950 url

Open in Interactive Console →